About viruses

What is a virus? Why are viruses bad? How not to get a virus? How to get rid of a virus?

Recommendations about Viruses

What is a virus?

A computer virus is a type of computer program that is designed to hide in the background and replicate itself from one computer to another by attaching itself to existing programs or parts of the operating system. Computer viruses often infect many programs on the same system or even parts of the operating system in an attempt to spread themselves as far as possible. Beyond this general definition, there are several types of virus; the main types are described below:

Boot virus:

A boot sector virus infects boot sectors on diskettes and/or hard disks. On diskettes, the boot sector normally contains code to load the operating system files. The virus replaces the original boot sector with itself and either stores the original boot sector somewhere else on the diskette or simply overwrites it entirely. When a computer is later booted from this diskette, the virus takes control and hides in RAM. It then loads and executes the original boot sector, and from then on everything appears to work as usual, except, of course, that every diskette inserted in the computer will be infected with the virus unless it is write-protected. A boot sector virus will usually hide at the top of memory, reducing the amount of memory that DOS sees. For example, a computer with 640K might appear to have only 639K. Most boot sector viruses are also able to infect hard disks, where the process is similar to that described above, although they usually infect the master boot record instead of the DOS boot record.
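A defender-side check for the replacement described above, as an added example that is not part of the original page: it compares the boot code and partition table of a 512-byte master boot record against a baseline recorded when the disk was known to be clean. The function names and the sample sector are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446       # bytes 0-445 hold boot code, 446-509 the partition table
SIGNATURE = b"\x55\xaa"   # bytes 510-511 mark the sector as bootable

def parse_partitions(sector):
    """Return the non-empty entries of the four-slot MBR partition table."""
    entries = []
    for slot in range(4):
        start = BOOT_CODE_LEN + 16 * slot
        # status, (CHS start skipped), type, (CHS end skipped), first LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", sector[start:start + 16])
        if ptype != 0:
            entries.append((slot, status == 0x80, ptype, lba, count))
    return entries

def boot_code_digest(sector):
    """SHA-256 over the boot code area only, so partition edits are reported separately."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()

def check_boot_sector(sector, baseline_digest, baseline_partitions):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    if len(sector) != SECTOR_SIZE:
        return ["sector is not 512 bytes"]
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline")
    if parse_partitions(sector) != baseline_partitions:
        findings.append("partition table differs from baseline")
    return findings

def build_sample_sector(boot_code):
    """Constructed test data: placeholder boot code plus one active partition entry."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x06, 63, 204800)
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + entry + bytes(48) + SIGNATURE

if __name__ == "__main__":
    clean = build_sample_sector(b"\x01\x02\x03")      # constructed, not real boot code
    baseline = (boot_code_digest(clean), parse_partitions(clean))
    replaced = build_sample_sector(b"\x0a\x0b\x0c")   # same layout, different boot code
    print(check_boot_sector(clean, *baseline))
    print(check_boot_sector(replaced, *baseline))
```

Read the sector from the raw disk while booted from trusted, write-protected media, because a boot sector virus resident in RAM can interfere with what the running system reads.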

Macro virus:

A macro virus is a computer virus that "infects" a Microsoft Office or similar application and causes a sequence of actions to be performed automatically when the application is started or something else triggers it. Macro viruses tend to be surprising but relatively harmless. A typical effect is the undesired insertion of some comic text at certain points when writing a line. A macro virus is often spread as an e-mail virus, or inside an infected document.

Polymorphic virus:

These viruses create a new decryption routine each time they infect, so every infected file will have a different sequence of virus code. Some new viruses use different approaches to be polymorphic. The virus contains some encrypted tables describing which operations a virus takes. When such a virus infects a file, it uses those tables to generate a whole new polymorphic virus. It may place part of the code at randomly selected locations, use different binary representations for each operation, etc. Macro viruses can also be polymorphic. In its trivial form, such a virus simply adds randomly generated comments to randomly selected lines of virus source code. What all this means is that the virus can mutate in different ways to defeat virus scanners.

Trojan horses:

A Trojan horse is any program that, once run, does something that the user doesn't want or request. The program doesn't necessarily infect other files or spread to other systems. It is the generic term to refer to any software that is intentionally coded to do something other than what it is supposed to. Some people think of viruses as a special form of Trojan horse: one that can infect other files (thus turning them into Trojan horses) and duplicate itself. Trojan horses are sometimes just called "Trojans" for short. 

Worm virus:

Worms are very similar to viruses in that they are computer programs that replicate themselves and that often, but not always, contain some functionality that will interfere with the normal use of a computer or a program. 
The difference is that unlike viruses, worms exist as separate entities; they do not attach themselves to other files or programs. A worm can spread itself automatically over the network from one computer to the next. Worms take advantage of automatic file sending and receiving features found on many computers.

Why are viruses bad?

A computer virus will often have a "trigger", such as a specific date or a specific program being run, that will perform a benign event such as flashing a message on the user's screen. Some viruses will perform more malicious deeds, however, deleting or scrambling users' files or their entire system.
Some viruses also slow down a user's system, disable specific functions, or cause erratic system behavior. New ones try to deactivate antivirus and personal firewall products, and more and more often have backdoor or key logger capabilities. In fact, it appears that new-generation viruses include several of these capabilities at the same time.

In conclusion, viruses are bad because they compromise the integrity of your system, your data and your privacy.

How not to get a virus?

First, it's important to know the ways viruses use to infect user systems.
Like organic viruses, computer ones can only infect a machine by using an input device to get inside.

Input devices can be:

  • Floppy (the most used before email appeared).

  • CD-ROM (illegal game copies, data from other machines).

  • Modem (file transfer with others).

  • External mass storage (Zip floppy, external hard drive from other systems...).

  • Network card (email, file sharing on Internet or Intranet...).

  • ... Other devices that permit data transfer from one system to another.

If your system is clean and you don't use any data that came from another machine, it cannot become infected on its own.

At CERN, all computers in the domain automatically receive the latest version of Microsoft Forefront Client Security just after their installation.
This product is managed remotely by our service, and the user does not need to take care of it. Viruses are automatically reported by each machine immediately after their detection.

To minimize the risk of being infected, users must follow a few recommendations:

  • Do not open any mail attachment that you don't expect.

  • Do not give your email address on non-official websites.

  • Do not surf or download any program on underground websites.

  • Do not share resources of your system without any restrictions.

  • Always apply security patches on your system to prevent virus attacks.

  • And the most important one: be sure your antivirus is updated and running before doing anything.

How to get rid of a virus?

You can check if your antivirus program is running correctly by looking for the small green check icon in the system tray.
As you know, to be effective, antivirus software needs to have its real-time protection enabled to protect all the input/output operations of the system.

NB: Running a deactivated antivirus is as bad as running a system without any antivirus.

If this icon is visible on your PC and you suspect the PC is infected, the best thing to do is to run a full system scan.
If the scan reports a virus on your machine, you can check what its capabilities are by consulting the Microsoft Malware Protection Center. In most cases, the vendor provides a fix tool to repair systems infected by highly destructive viruses; you can download and use it if you are an advanced user. Otherwise, you can send a mail to the helpdesk and wait for antivirus support. In this case, don't forget to give the name of your computer and describe the behavior caused by the suspected virus.